US20040172369A1 - Method and arrangement in a database - Google Patents

Method and arrangement in a database

Publication number
US20040172369A1
Authority
US
United States
Prior art keywords
user application
registry
value
certificate
entry
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Abandoned
Application number
US10/471,844
Inventor
Jonas Persson
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SmartTrust Systems Oy
Original Assignee
Individual
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Individual
Assigned to SMARTTRUST SYSTEMS OY. Assignment of assignors interest (see document for details). Assignors: PERSSON, JONAS
Publication of US20040172369A1

Classifications

    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/10Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means together with a coded signal, e.g. in the form of personal identification information, like personal identification number [PIN] or biometric data
    • G07F7/1008Active credit-cards provided with means to personalise their use, e.g. with PIN-introduction/comparison system
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60Protecting data
    • G06F21/62Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G06F21/6245Protecting personal data, e.g. for financial or medical purposes
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/04Payment circuits
    • G06Q20/045Payment circuits using payment protocols involving tickets
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/322Aspects of commerce using mobile devices [M-devices]
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/32Payment architectures, schemes or protocols characterised by the use of specific devices or networks using wireless devices
    • G06Q20/327Short range or proximity payments by means of M-devices
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/341Active cards, i.e. cards including their own processing means, e.g. including an IC or chip
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/34Payment architectures, schemes or protocols characterised by the use of specific devices or networks using cards, e.g. integrated circuit [IC] cards or magnetic cards
    • G06Q20/357Cards having a plurality of specified features
    • G06Q20/3576Multiple memory zones on card
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/363Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes with the personal data of a user
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06QINFORMATION AND COMMUNICATION TECHNOLOGY [ICT] SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES; SYSTEMS OR METHODS SPECIALLY ADAPTED FOR ADMINISTRATIVE, COMMERCIAL, FINANCIAL, MANAGERIAL OR SUPERVISORY PURPOSES, NOT OTHERWISE PROVIDED FOR
    • G06Q20/00Payment architectures, schemes or protocols
    • G06Q20/30Payment architectures, schemes or protocols characterised by the use of specific devices or networks
    • G06Q20/36Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes
    • G06Q20/367Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes
    • G06Q20/3674Payment architectures, schemes or protocols characterised by the use of specific devices or networks using electronic wallets or electronic money safes involving electronic purses or money safes involving authentication
    • GPHYSICS
    • G07CHECKING-DEVICES
    • G07FCOIN-FREED OR LIKE APPARATUS
    • G07F7/00Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus
    • G07F7/08Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means
    • G07F7/0866Mechanisms actuated by objects other than coins to free or to actuate vending, hiring, coin or paper currency dispensing or refunding apparatus by coded identity card or credit card or other personal identification means by active credit-cards adapted therefor
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/08Network architectures or network communication protocols for network security for authentication of entities
    • H04L63/0823Network architectures or network communication protocols for network security for authentication of entities using certificates
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/06Authentication
    • H04W12/069Authentication using certificates or pre-shared keys

Definitions

  • the present invention relates to a method and arrangement in a database in accordance with the preambles of the independent claims. More specifically it relates to a secure smart card registry database.
  • PKI Public Key Infrastructure
  • PKI is a system used to distribute and check public keys that can be used to authenticate users, sign information or encrypt information.
  • two corresponding (also called asymmetric) keys are used in connection with protecting information.
  • Information, which is encrypted with one of the two keys, can be decrypted only with the other key.
  • One important feature of PKI systems is that it is computationally unfeasible to use knowledge of one of the keys to deduce the other key.
  • each of the systems possesses a set of two such keys. One of the keys is maintained private while the other is freely published.
  • a PKI distributes one or several public keys and determines whether a certain public key can be trusted for certain usage or not.
  • An important concept in infrastructures built on public key cryptography is that of the Certification Authority (CA).
  • CA Certification Authority
  • the weakness in a public key system is that, even though it is desirable that the public keys for all users are easily available, it is also required to assert that it is truly known that a particular public key really belongs to the user that one is communicating with. This is what a CA is used for. It uses its good name to guarantee the correctness of a public key by signing a key.
  • SIM Subscriber Identity Module
  • ADN Abbreviated Dialling Number
  • SMS Short Message Service
  • An external device such as a Personal Digital Assistant (PDA) can access the SIM card through a mobile phone's serial or Infrared Data Association (IrDA) port etc. by using AT commands or the mobile phone's proprietary commands.
  • IrDA Infrared Data Association
  • the devices can use all the SIM card commands such as CreateFile, UpdateBinary etc if the right PIN codes have been presented.
  • SIM intellectual property
  • WAP browser any application on the mobile phone or the SIM
  • SIM browser these can also access the SIM card.
  • a disadvantage is that these programs (or the creator of the program) must know how to communicate with the SIM card, which means that the SIM card commands from different SIM card manufacturers must be known. Also the administrative codes for each SIM card must be known if a new file is to be created. This is almost impossible.
  • the object of the present invention is to provide a smart card registry database where mobile terminal applications, SIM card based applications, PDA applications etc all can access this database, create new entries, read already stored information or update old information in a way of improved security.
  • the smart card registry database provided by the present invention, comprising means for
  • any user application sending a request for access to the created entry in the registry, said request comprising a certificate issued and signed by the CA, said certificate including a public key, said public key corresponding to a private key that said any user application owns;
  • An advantage with the present invention is that it makes it possible to store tickets, medical data etc. in a mobile phone in a secure way.
  • a value to be stored is combined with a certificate, which is retrieved from the registry, and the combination is signed by a user application and the signed value-certificate is stored in the smart card registry database.
  • An advantage with the first embodiment is that it can be checked by any user application reading the stored value whether the value is copied or manipulated.
  • FIG. 1 shows an exemplary scenario wherein the registry according to the present invention is used.
  • FIG. 2 a is a signalling sequence diagram showing an example of how to create an entry in the registry.
  • FIG. 2 b is a signalling sequence diagram showing how to store data in a created entry in the registry.
  • FIG. 2 c is a signalling sequence diagram showing how to read data in a created entry in the registry.
  • FIG. 3 a is a signalling sequence diagram showing an example of how to create an entry with an associated certificate in the registry.
  • FIG. 3 b is a signalling sequence diagram showing how to store data in a created entry with an associated certificate.
  • FIG. 3 c is a signalling sequence diagram showing how to read data in a created entry with an associated certificate.
  • FIG. 4 a is a signalling sequence diagram showing how to store a value, in a way that the value is protected against copying and manipulating.
  • FIG. 4 b is a signalling sequence diagram showing how to find out that a read copy-protected value in the registry is not copied or manipulated.
  • the smart card based registry database is a database to which mobile terminal applications, SIM card based applications, PDA applications etc all can gain access, create new entries, read already stored information or update old information etc. How the information is used is up to the application, the registry only stores the information.
  • the registry comprises security such as authentication and encryption and can be used to improve existing applications.
  • FIG. 1 shows an exemplary scenario wherein the registry according to the present invention is used.
  • a smart card unit 102 comprising the registry 104 is accessible by one or more user applications, within this scenario by a first user application 106 and a second user application 108.
  • the smart card 102 may be comprised e.g. in a portable unit such as a mobile phone, or PDA.
  • the user application 106 is e.g. a mobile terminal application, a SIM card based application, a PDA application, an electronic ticket application etc. that wishes to use the registry 104 for safe storage of data.
  • a person that wants to see a movie uses the WAP browser in his mobile phone to browse to a ticket-issuing unit within an electronic cinema ticketing system and orders a ticket to the movie. He pays e.g. electronically.
  • the first user application 106 in the ticket-issuing unit stores the electronic ticket in a registry 104 in the SIM card, i.e. a smart card 102, within the user's mobile phone.
  • the second user application 108 within the ticket-receiving unit searches for the relevant ticket in the registry 104 and validates it.
  • the registry database is open to anyone, but not everyone has access to all registry entries.
  • An entry is defined as a “storage location” in the registry 104.
  • the registry 104 is based on public key cryptography, e.g. on asymmetric encryption/decryption and signing, to attain security in the system.
  • a certificate comprising a public key is stored in the registry 104. This certificate may be downloaded by any user application that requires protection for data to be stored in the registry 104. In the registry there is also a private key that corresponds to the public key in said certificate.
  • a first user application 106 that needs to use the registry 104 for storing some data creates an entry in the registry 104. If required, the first user application 106 can restrict who shall be granted access to the created entry. If so, one or more so-called root certificates are assigned to the entry.
  • the owner of the root certificate is considered a local certification authority (CA) 110.
  • This local CA 110 can be any entity, e.g. a user application 106.
  • the purpose of the local CA 110 is to issue certificates. These certificates are used by different entities in the system.
  • When the second user application 108 wants to read the information in the registry 104, it has to present to the registry 104 a valid certificate that has been issued by the local CA 110.
  • the registry 104 then challenges the second user application 108. If the second user application 108 responds successfully to the challenge, then access to the registry 104 is granted.
  • the user application 106, 108 can make sure that the stored content is not copied, e.g. to another smart card registry. This is achieved with a certificate stored in the registry 104.
  • the first user application 106 asks for a certificate from the registry 104.
  • the data to be stored is combined with the newly received certificate and then signed by the first user application 106.
  • the second user application 108 reads the stored information from the registry 104.
  • the second user application 108 can now make sure that the content has not been copied by challenging the registry 104.
  • the second user application 108 can also make sure that the stored data has not been manipulated by examining the signature of the first user application 106.
  • registry 104 [0053]
  • acknowledgement is sent from the registry 104 to the user application 106.
  • FIG. 2 b is a signalling sequence diagram showing how to store data, a so-called value, in a created entry in the registry.
  • name of the value and the value is sent from the user application 106 ; to
  • FIG. 2 c is a signalling sequence diagram showing how to read data in a created entry in the registry.
  • Anyone can read an entry in the registry that is not restricted, but in this example, a first user application 106 has created an entry and stored a value in the created registry entry 104 and a second user application 108 wishes to read the value.
  • the second user application 108 sends a “read a value in the registry” command comprising the entry identity and the name of the value.
  • the registry 104 will send the requested value. If not, a non-acknowledgement is sent from the registry to the second user application 108.
  • a “create an entry in the registry” command is sent by the first user application 106 to the registry 104.
  • the command comprises a list of the one or more root certificates requested to be associated to the entry.
  • a restricted entry with the requested associated root certificates is created in the registry 104 and an acknowledgement is sent from the registry 104 to the user application 106.
  • FIG. 3 b is a signalling sequence diagram showing how to store data, a so-called value, in a created entry with restrictions, i.e. an associated root certificate, in the registry.
  • 311 A “write a value in the registry” command comprising the entry identity, a certificate that has been signed by a local certification authority (CA), the name of the value and the value, is sent by the first user application 106 to the registry 104.
  • CA local certification authority
  • challenge the user application 106 This may be performed by creating a
  • the encrypted data is sent to the first user application 106.
  • the first user application 106 decrypts the data and sends it back to the
  • registry 104 [0079]
  • [0083] is sent to the user application 106 .
  • FIG. 3 c is a signalling sequence diagram showing how to read data in a created entry in the registry restricted with an associated root certificate.
  • An organization that has a valid certificate signed or issued by the owner of the root certificate can read an entry in the registry.
  • the first user application 106 has created an entry associated with a root certificate in the registry 104, and stored a value in the created entry.
  • the second user application 108 wishes to read the value.
  • command to the registry 104 comprises the entry identity, a
  • [0090] may be performed by creating a random data and encrypting it with the
  • the second user application 108 decrypts the data with its private key
  • the requested value is sent to the second user application 108 .
  • FIG. 4 a is a signalling sequence diagram showing how to store data, a so-called value, copy protected in the registry such that a user application that reads the stored value can be sure that this is the original value and not a cloned one.
  • This is suitable e.g. for storing electronic tickets (e-tickets).
  • the first user application 106 may be an e-ticket issuer
  • the registry 104 may be a smart card such as a SIM card in a mobile phone of a person that purchases and uses the e-ticket for some kind of event such as a film
  • the second user application 108 may be a ticket receiver, e.g. at a cinema, that collects the ticket from the person when he e.g. enters a cinema.
  • the ticket receiver wants to be sure that the e-ticket is the one that the person purchased from the ticket issuer and not a cloned copy that he got free of charge from his friend.
  • a first user application 106 combines the value, e.g. an e-ticket, to be stored with a certificate previously downloaded from the registry 104.
  • the first user application 106 signs the value-certificate combination and sends a “write a value in the registry” command comprising the entry identity, the name of the value and the signed combination to the registry 104 for storing.
  • the registry stores the signed combination and sends an acknowledgement to the first user application 106 if the storing is successful, otherwise a non-acknowledgement.
  • FIG. 4 b is a signalling sequence diagram showing how to find out that a read copy-protected value in the registry 104 is not cloned or manipulated.
  • the second user application 108 wishes to read the value.
  • the second user application 108 sends a “read a value in the registry” command comprising the entry identity and the value name.
  • the second user application 108 validates the signature of the signed data, extracts the stored certificate and then challenges the registry.
  • the challenge may be performed by encrypting a random number with the public key stored in the certificate and then sending the result to the registry 104.
  • the registry 104 decrypts the challenge data and sends the result to the second user application 108. If the result is the same as the encrypted random number sent to the registry 104, the value is regarded as not copied.
  • the method is implemented by means of a computer program product comprising the software code-means for performing the steps of the method.
  • the computer program product is run on processing means stored in a smart card.
  • the computer program is loaded directly or from a computer usable medium, such as a floppy disc, a CD, the Internet etc.

Landscapes

  • Engineering & Computer Science (AREA)
  • Business, Economics & Management (AREA)
  • Physics & Mathematics (AREA)
  • General Physics & Mathematics (AREA)
  • Theoretical Computer Science (AREA)
  • Accounting & Taxation (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Strategic Management (AREA)
  • General Business, Economics & Management (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Health & Medical Sciences (AREA)
  • Bioethics (AREA)
  • General Health & Medical Sciences (AREA)
  • Finance (AREA)
  • General Engineering & Computer Science (AREA)
  • Databases & Information Systems (AREA)
  • Microelectronics & Electronic Packaging (AREA)
  • Software Systems (AREA)
  • Signal Processing (AREA)
  • Medical Informatics (AREA)
  • Computing Systems (AREA)
  • Storage Device Security (AREA)

Abstract

The present invention relates to a smart card based registry database, a database to which mobile terminal applications, SIM card based applications, PDA applications etc. all can gain access, create new entries, read already stored information or update old information etc. How the information is used is up to the application; the registry only stores the information. The registry comprises security such as authentication and encryption and can be used to improve existing applications.

Description

    FIELD OF THE INVENTION
  • The present invention relates to a method and arrangement in a database in accordance with the preambles of the independent claims. More specifically it relates to a secure smart card registry database. [0001]
  • BACKGROUND OF THE INVENTION
  • In the Windows™ environment there is a registry database containing information used by various applications from different vendors. Everyone has access to the registry. Everyone can read and write in the different entries as they please. However, such a public registry database is not suitable for storing confidential data or data that is not intended to be cloned. [0002]
  • To attain security in open networks, several security solutions have appeared. One example is Public Key Infrastructure (PKI). PKI is a system used to distribute and check public keys that can be used to authenticate users, sign information or encrypt information. In a PKI system, two corresponding (also called asymmetric) keys are used in connection with protecting information. Information, which is encrypted with one of the two keys, can be decrypted only with the other key. One important feature of PKI systems is that it is computationally unfeasible to use knowledge of one of the keys to deduce the other key. In a typical PKI system, each of the systems possesses a set of two such keys. One of the keys is maintained private while the other is freely published. [0003]
  • A PKI distributes one or several public keys and determines whether a certain public key can be trusted for certain usage or not. An important concept in infrastructures built on public key cryptography is that of the Certification Authority (CA). The weakness in a public key system is that, even though it is desirable that the public keys for all users are easily available, it is also required to assert that it is truly known that a particular public key really belongs to the user that one is communicating with. This is what a CA is used for. It uses its good name to guarantee the correctness of a public key by signing a key. [0004]
  • What is further needed is a way of using PKI for storing data in a public registry database. [0005]
  • In cellular radio systems environments like the Global System for Mobile Communications (GSM), there is a Subscriber Identity Module (SIM) card that contains information required by a mobile phone to establish a call. The SIM card also contains information used by the user, such as Abbreviated Dialling Number (ADN) lists, Short Message Service (SMS) storage etc. [0006]
  • An external device such as a Personal Digital Assistant (PDA) can access the SIM card through a mobile phone's serial or Infrared Data Association (IrDA) port etc. by using AT commands or the mobile phone's proprietary commands. (An AT command is a command language developed by Hayes Microcomputer Products, Inc. to control auto-dial modems from a dumb asynchronous terminal or a PC emulating such a terminal.) The devices can use all the SIM card commands such as CreateFile, UpdateBinary etc. if the right PIN codes have been presented. [0007]
  • If there is an application on the mobile phone or the SIM such as a WAP browser or SIM browser, these can also access the SIM card. A disadvantage is that these programs (or the creator of the program) must know how to communicate with the SIM card, which means that the SIM card commands from different SIM card manufacturers must be known. Also the administrative codes for each SIM card must be known if a new file is to be created. This is almost impossible. [0008]
  • SUMMARY OF THE INVENTION
  • The object of the present invention is to provide a smart card registry database where mobile terminal applications, SIM card based applications, PDA applications etc all can access this database, create new entries, read already stored information or update old information in a way of improved security. [0009]
  • The above-mentioned object is achieved by a method and a system according to the characterising part of the independent claims. [0010]
  • The smart card registry database provided by the present invention, comprising means for [0011]
  • creating an entry, which entry is associated with a root certificate, and which root certificate is signed and issued by a Certification Authority (CA); [0012]
  • receiving a request for accessing the created entry in the registry from any user application, said request comprising a certificate issued and signed by said CA, said certificate including a public key, said public key corresponding to a private key that said any user application owns; [0013]
  • using the obtained public key for challenging said any user application; [0014]
  • receiving a response of said challenge, encrypted by a private key of said any user application; [0015]
  • giving said any user application (106) access if the challenge response is successful, [0016]
  • makes it possible for any user application (106) to create an entry, which entry is accessible only to user applications selected by said any user application, which implies improved security. [0017]
  • The method provided by the present invention comprising the steps of [0018]
  • creating an entry in the smart card registry database, which entry is associated with a root certificate, and which root certificate is signed and issued by a Certification Authority (CA); [0019]
  • any user application sending a request for access to the created entry in the registry, said request comprising a certificate issued and signed by the CA, said certificate including a public key, said public key corresponding to a private key that said any user application owns; [0020]
  • the registry (104) challenging said any user application by means of the obtained public key; [0021]
  • said any user application responding said challenge by means of its said private key and returning it to the registry; [0022]
  • if the challenge response is successful, giving said any user application (106) access to the created entry, [0023]
  • makes it possible for any user application to access this database, create new entries, read already stored information or update old information in a way of improved security. [0024]
  • An advantage with the present invention is that it makes it possible to store tickets, medical data etc. in a mobile phone in a secure way. [0025]
  • Preferred embodiments are set forth in the dependent claims. [0026]
  • According to a first embodiment of the present invention, a value to be stored is combined with a certificate, which is retrieved from the registry, and the combination is signed by a user application and the signed value-certificate is stored in the smart card registry database. [0027]
  • An advantage with the first embodiment is that it can be checked by any user application reading the stored value whether the value is copied or manipulated. [0028]
  • BRIEF DESCRIPTION OF THE DRAWINGS
  • FIG. 1 shows an exemplary scenario wherein the registry according to the present invention is used. [0029]
  • FIG. 2a is a signalling sequence diagram showing an example of how to create an entry in the registry. [0030]
  • FIG. 2b is a signalling sequence diagram showing how to store data in a created entry in the registry. [0031]
  • FIG. 2c is a signalling sequence diagram showing how to read data in a created entry in the registry. [0032]
  • FIG. 3a is a signalling sequence diagram showing an example of how to create an entry with an associated certificate in the registry. [0033]
  • FIG. 3b is a signalling sequence diagram showing how to store data in a created entry with an associated certificate. [0034]
  • FIG. 3c is a signalling sequence diagram showing how to read data in a created entry with an associated certificate. [0035]
  • FIG. 4a is a signalling sequence diagram showing how to store a value, in a way that the value is protected against copying and manipulating. [0036]
  • FIG. 4b is a signalling sequence diagram showing how to find out that a copy-protected value read from the registry is not copied or manipulated. [0037]
  • DETAILED DESCRIPTION OF PREFERRED EMBODIMENTS
  • The smart card based registry database according to the present invention, hereinafter called the registry, is a database to which mobile terminal applications, SIM card based applications, PDA applications etc. can all gain access, create new entries, read already stored information or update old information etc. How the information is used is up to the application; the registry only stores the information. The registry comprises security such as authentication and encryption and can be used to improve existing applications. [0038]
  • FIG. 1 shows an exemplary scenario wherein the registry according to the present invention is used. A smart card unit 102 comprising the registry 104 is accessible by one or more user applications, within this scenario by a first user application 106 and a second user application 108. The smart card 102 may be comprised e.g. in a portable unit such as a mobile phone or PDA. The user application 106 is e.g. a mobile terminal application, a SIM card based application, a PDA application, an electronic ticket application etc. that wishes to use the registry 104 for safe storing of data. For example, a person that wants to see a movie uses the WAP browser in his mobile phone to browse to a ticket-issuing unit within an electronic cinema ticketing system and orders a ticket to the movie. He pays e.g. electronically. The first user application 106 in the ticket-issuing unit stores the electronic ticket in a registry 104 in the SIM card, i.e. a smart card 102, within the user's mobile phone. When the person comes to the cinema he connects to a ticket-receiving unit within the electronic cinema ticketing system via Bluetooth™ or IrDA or something else. The second user application 108 within the ticket-receiving unit searches for the relevant ticket in the registry 104 and validates it. [0039]
  • Security
  • The registry database is open to anyone, but not everyone has access to all registry entries. An entry is defined as a “storage location” in the registry 104. The registry 104 is based on public key cryptography, e.g. on asymmetric encryption/decryption and signing, to attain security in the system. A certificate comprising a public key is stored in the registry 104. This certificate may be downloaded by any user application that requires protection for data to be stored in the registry 104. In the registry there is also a private key that corresponds to the public key in said certificate. [0040]
  • A first user application 106 that requires using the registry 104 for storing some data creates an entry in the registry 104. If required, the first user application 106 has a possibility to restrict who shall be granted access to the created entry. If so, one or more so-called root certificates are assigned to the entry. The owner of the root certificate is considered a local certification authority (CA) 110. This local CA 110 can be any entity, e.g. a user application 106. The purpose of the local CA 110 is to issue certificates. These certificates are used by different entities in the system. When the second user application 108 wants to read the information in the registry 104 it has to present a valid certificate that has been issued by the local CA 110 to the registry 104. The registry 104 then challenges the second user application 108. If the second user application 108 responds successfully to the challenge then access to the registry 104 is granted. [0041]
  • It is possible for a user application 106, 108 to add and remove root certificates to the created entry that grant access to the registry database. [0042]
  • It is further possible for the user application 106, 108 to make the choice to encrypt the data to be stored if so required. [0043]
  • It is also possible for the user application 106, 108 to make sure that the stored content is not copied, e.g. to another smart card registry. This is achieved with a certificate stored in the registry 104. The first user application 106 asks for a certificate from the registry 104. The data to be stored is combined with the newly received certificate and then signed by the first user application 106. The second user application 108 reads the stored information from the registry 104. The second user application 108 can now make sure that the content has not been copied by challenging the registry 104. The second user application 108 can also make sure that the stored data has not been manipulated by examining the first user application 106 signature. [0044]
  • To sum up, there are three levels of security of created entries in the registry 104. [0045]
  • First, when creating the entry without any restrictions, anyone is granted access to this entry. [0046]
  • Secondly, when associating one or more certificates to the created entry, only those who have got a valid certificate and are the owner of the certificate will be granted access to the entry when authorised. [0047]
  • Thirdly, using digital signatures to make sure that the data has not been manipulated or copied. [0048]
  • The procedure for using the registry 104 with different levels of security will now be described in more detail with reference to the signalling sequence diagrams in FIGS. 2-8. [0049]
  • Using the Registry without Additional Certificates [0050]
  • Before storing anything in the registry, a registry entry must be created. This is shown in the signalling sequence diagram in FIG. 2a. [0051]
  • [0052]-[0053] 201 A “create an entry” command is sent from the user application 106 to the registry 104.
  • [0054]-[0055] 202 An entry without restrictions is created in the registry 104 and an acknowledgement is sent from the registry 104 to the user application 106.
  • FIG. 2b is a signalling sequence diagram showing how to store data, a so-called value, in a created entry in the registry. [0056]
  • [0057]-[0059] 211 A “write a value in the registry” command comprising the entry identity, the name of the value and the value, is sent from the user application 106 to the registry 104.
  • [0060]-[0062] 212 If writing to the registry entry is successful, the registry 104 will respond to the user application 106 with an acknowledgement message, and if not successful, with a non-acknowledgement message.
  • FIG. 2c is a signalling sequence diagram showing how to read data in a created entry in the registry. Anyone can read an entry in the registry that is not restricted, but in this example, a first user application 106 has created an entry and stored a value in the created registry entry 104 and a second user application 108 wishes to read the value. [0063]
  • [0064] 221 The second user application 108 sends a “read a value in the registry” command comprising the entry identity and the name of the value.
  • [0065] 222 If the registry entry contains the relevant information, the registry 104 will send the requested value. If not, a non-acknowledgement is sent from the registry to the second user application 108.
  • Using the Registry with Additional Certificates [0066]
  • As mentioned above, a registry entry must be created before storing anything in the registry. This is shown in the signalling sequence diagram in FIG. 3a and is similar to the creating procedure in the non-restricted use described above. [0067]
  • [0068] 301 A “create an entry in the registry” command is sent by the first user application 106 to the registry 104. The command comprises a list of the one or more root certificates requested to be associated to the entry.
  • [0069] 302 A restricted entry with the requested associated root certificates is created in the registry 104 and an acknowledgement is sent from the registry 104 to the user application 106.
  • FIG. 3b is a signalling sequence diagram showing how to store data, a so-called value, in a created entry with restrictions, i.e. an associated root certificate, in the registry. [0070]
  • [0071] 311 A “write a value in the registry” command comprising the entry identity, a certificate that has been signed by a local certification authority (CA), the name of the value and the value, is sent by the first user application 106 to the registry 104.
  • [0072]-[0077] 312 The registry 104 verifies that the certificate specified in the “write a value in the registry” command in step 311 is valid and if so the registry will challenge the user application 106. This may be performed by creating random data and encrypting the random data with the public key of the certificate specified in the “write a value in the registry” command in step 311. The encrypted data is sent to the first user application 106.
  • [0078]-[0079] 313 The first user application 106 decrypts the data and sends it back to the registry 104.
  • [0080]-[0083] 314 The registry 104 verifies that the encrypted data has been decrypted correctly. If the random data is the same as before the registry 104 encrypted it, the value is stored in the registry 104, otherwise a non-acknowledgement is sent to the user application 106.
  • FIG. 3c is a signalling sequence diagram showing how to read data in a created entry in the registry restricted with an associated root certificate. Anyone who has a valid certificate signed or issued by the owner of the root certificate can read an entry in the registry. The first user application 106 has created an entry associated with a root certificate in the registry 104, and stored a value in the created entry. The second user application 108 wishes to read the value. [0084]
  • [0085]-[0088] 321 The second user application 108 sends a “read a value in the registry” command to the registry 104. The command comprises the entry identity, a certificate that has been signed or issued by the owner of the root certificate and the name of the requested value.
  • [0089]-[0093] 322 The registry 104 will now challenge the second user application 108. This may be performed by creating random data and encrypting it with the public key comprised in the certificate specified in the “write a value” command in step 331. The encrypted data is sent to the second user application 108.
  • [0094]-[0095] 323 The second user application 108 decrypts the data with its private key and sends it back to the registry 104.
  • [0096]-[0099] 324 The registry 104 verifies that the encrypted data has been decrypted correctly. If the random data is the same as before the registry 104 encrypted it, the requested value is sent to the second user application 108, otherwise a non-acknowledgement is sent to it.
  • Using the Registry with Copy Protection [0100]
  • To be able to store a value with copy protection, the user application must download a certificate from the registry 104. It is assumed that the user application has previously created an entry, with or without restrictions; both can be used. [0101]
  • FIG. 4a is a signalling sequence diagram showing how to store data, a so-called value, copy protected in the registry such that a user application that reads the stored value can be sure that this is the original value and not a cloned one. This is suitable e.g. for storing electronic tickets (e-tickets). In that case the first user application 106 may be an e-ticket issuer, the registry 104 may be a smart card such as a SIM card in a mobile phone of a person that purchases and uses the e-ticket for some kind of event such as a film, and the second user application 108 may be a ticket receiver e.g. at a cinema, that collects the ticket from the person when he e.g. enters a cinema. The ticket receiver wants to be sure that the e-ticket is the one that the person purchased from the ticket issuer and not a cloned copy that he got free of charge from his friend. [0102]
  • [0103] 401 A first user application 106 combines the value, e.g. an e-ticket, to be stored with a certificate previously downloaded from the registry 104. The first user application 106 signs the value-certificate combination and sends a “write a value in the registry” command comprising the entry identity, the name of the value and the signed combination to the registry 104 for storing.
  • [0104] 402 The registry stores the signed combination and sends an acknowledgement to the first user application 106 if the storing is successful, otherwise a non-acknowledgement.
  • FIG. 4b is a signalling sequence diagram showing how to find out that a copy-protected value read from the registry 104 is not cloned or manipulated. The second user application 108 wishes to read the value. [0105]
  • [0106] 411 The second user application 108 sends a “read a value in the registry” command comprising the entry identity, and the value name.
  • [0107] 412 The registry returns the value to the second user application 108.
  • [0108] 413 The second user application 108 validates the signature of the signed data, extracts the stored certificate and then challenges the registry. The challenge may be performed by encrypting a random number with the public key stored in the certificate and then sending the result to the registry 104.
  • [0109] 414 The registry 104 decrypts the challenge data and sends the result to the second user application 108. If the result is the same as the encrypted random number sent to the registry 104 the value is regarded as not copied.
  • The method is implemented by means of a computer program product comprising the software code means for performing the steps of the method. The computer program product is run on processing means stored in a smart card. The computer program is loaded directly or from a computer usable medium, such as a floppy disc, a CD, the Internet etc. [0110]
  • The present invention is not limited to the above-described preferred embodiments. Various alternatives, modifications and equivalents may be used. Therefore, the above embodiments should not be taken as limiting the scope of the invention, which is defined by the appended claims. [0111]
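
The restricted-access challenge of FIGS. 3b-3c and the copy-protection check of FIGS. 4a-4b, as an added sketch that is not code from the patent: it uses toy textbook RSA over fixed Mersenne primes so that it runs without dependencies. The dict-based certificate format, the self-signed registry certificate, the entry and value names, and representing a root certificate by the local CA's public modulus are all assumptions made for the illustration.

```python
import hashlib
import secrets

E = 65537  # public exponent shared by every toy key

def keypair(a, b):
    """Toy textbook-RSA key from Mersenne primes 2**a-1, 2**b-1 (NOT secure)."""
    p, q = 2**a - 1, 2**b - 1
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def decrypt(key, c):
    return pow(c, key["d"], key["n"])

def digest(data, n):
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % n

def sign(key, data):
    return decrypt(key, digest(data, key["n"]))

def verify(n, data, sig):
    return pow(sig, E, n) == digest(data, n)

def cert_body(cert):
    return f"{cert['subject']}|{cert['n']}".encode()

def issue_cert(ca_key, subject, n):
    """Certificate: subject name and public modulus, signed by the issuing key."""
    cert = {"subject": subject, "n": n}
    cert["sig"] = sign(ca_key, cert_body(cert))
    return cert

def challenge(n, respond):
    """Encrypt random data to public key n; pass only if it comes back decrypted."""
    nonce = secrets.randbelow(n - 2) + 2
    return respond(pow(nonce, E, n)) == nonce

class Registry:
    """Registry 104: entries plus the card's own private key and certificate."""
    def __init__(self, key):
        self.key, self.entries = key, {}
        self.cert = issue_cert(key, "registry", key["n"])  # self-signed: assumption

    def create_entry(self, entry_id, roots=()):
        # roots: public keys of the root certificates tied to the entry (step 301)
        self.entries[entry_id] = {"roots": tuple(roots), "values": {}}

    def authorised(self, entry_id, cert, respond):
        roots = self.entries[entry_id]["roots"]
        if not roots:
            return True  # unrestricted entry (FIG. 2)
        issued = cert and any(verify(r, cert_body(cert), cert["sig"]) for r in roots)
        return bool(issued) and challenge(cert["n"], respond)  # steps 312-314, 322-324

    def write(self, entry_id, name, value, cert=None, respond=None):
        if not self.authorised(entry_id, cert, respond):
            return False  # non-acknowledgement
        self.entries[entry_id]["values"][name] = value
        return True

    def read(self, entry_id, name, cert=None, respond=None):
        ok = self.authorised(entry_id, cert, respond)
        return self.entries[entry_id]["values"].get(name) if ok else None

    def answer_challenge(self, c):
        return decrypt(self.key, c)  # step 414

def store_ticket(registry, issuer_key, entry_id, name, value):
    """FIG. 4a: bind the value to this card's certificate, sign, store."""
    sig = sign(issuer_key, value + b"|" + cert_body(registry.cert))
    return registry.write(entry_id, name, {"value": value, "cert": registry.cert, "sig": sig})

def check_ticket(registry, issuer_n, entry_id, name):
    """FIG. 4b: verify the issuer signature, then challenge the card."""
    rec = registry.read(entry_id, name)
    if not verify(issuer_n, rec["value"] + b"|" + cert_body(rec["cert"]), rec["sig"]):
        return "manipulated"
    return "ok" if challenge(rec["cert"]["n"], registry.answer_challenge) else "copied"

def demo():
    issuer, reader, outsider = keypair(89, 107), keypair(61, 127), keypair(521, 607)
    card_a, card_b = Registry(keypair(1279, 2203)), Registry(keypair(2281, 3217))
    issuer_cert = issue_cert(issuer, "app-106", issuer["n"])  # issuer acts as local CA
    reader_cert = issue_cert(issuer, "app-108", reader["n"])
    forged_cert = issue_cert(outsider, "app-108", outsider["n"])  # not CA-issued
    own = lambda key: lambda c: decrypt(key, c)  # responder holding a private key
    card_a.create_entry("private", roots=[issuer["n"]])
    for card in (card_a, card_b):
        card.create_entry("tickets")
    out = {"write": card_a.write("private", "note", b"hello", issuer_cert, own(issuer)),
           "read": card_a.read("private", "note", reader_cert, own(reader)),
           "forged": card_a.read("private", "note", forged_cert, own(outsider)),
           "stolen": card_a.read("private", "note", reader_cert, own(outsider))}
    store_ticket(card_a, issuer, "tickets", "seat", b"row 7 seat 12")
    out["original"] = check_ticket(card_a, issuer["n"], "tickets", "seat")
    card_b.write("tickets", "seat", card_a.read("tickets", "seat"))  # cloned record
    out["clone"] = check_ticket(card_b, issuer["n"], "tickets", "seat")
    card_a.write("tickets", "seat", dict(card_a.read("tickets", "seat"), value=b"row 1"))
    out["tampered"] = check_ticket(card_a, issuer["n"], "tickets", "seat")
    return out
```

Calling `demo()` returns the outcome of each case: the legitimate write and read succeed, a certificate from the wrong issuer and a valid certificate presented without its private key are both refused, and the ticket check distinguishes the original, the cloned and the altered record. The unpadded RSA and fixed primes illustrate the message flow only.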

Claims (19)

1. A method for a user application (106) to get access to a registry (104) within a smart card,
creating an entry in the registry (104), which entry is associated with a root certificate, and which root certificate is signed and issued by a Certification Authority (CA) (110);
any user application (106) sending a request for access to the created entry in the registry (104), said request comprising a certificate issued and signed by said CA, said certificate including a public key, said public key corresponding to a private key that said any user application (106) owns;
the registry (104) challenging said any user application (106) by means of the obtained public key;
said any user application (106) responding said challenge by means of its said private key and returning it to the registry (104)
if the challenge response is successful, said any user application (106) given access to the created entry.
2. The method according to claim 1 wherein the step of creating an entry is performed by a first user application (106).
3. The method according to the previous claim, wherein said any user application is the first user application (106) that has got access to the created entry for storing a value within said entry.
4. The method according to the previous claim, wherein said any user application is a second user application (108) that has got access to the created entry for storing a value within said entry.
5. The method according to any of the claims 2-4, wherein said any user application is the first user application (106) that has got access to the created entry for reading a value stored in said entry.
6. The method according to any of the claims 2-4, wherein said any user application is a second user application (106) that has got access to the created entry for reading a value stored in said entry.
7. The method according to any of the previous claims, wherein a first value is to be stored in the created entry of the registry (104) such that the value cannot be copied or manipulated, the method comprising the further step of:
any user application (106) combining the first value to be stored with a certificate obtained from the registry (104),
the any user application (106) signing said value-certificate combination;
the any user application (106) sending said signed value-certificate combination to the registry to be stored in the created entry.
8. The method according to claim 7, wherein any user requires to read said first value, comprising the further step of:
any user application (106) obtaining said value-certificate combination, comprising the public key from the registry (104)
said any user application (106) challenging the registry (104) by means of the obtained public key;
the registry (104) responding said challenge by means of a private key that corresponds to the public key comprised in said certificate and returning it to said any user application (106)
if the challenge response is successful, the value is regarded as not copied or manipulated.
9. A computer program product directly loadable into the internal memory of a processing means within a smart card, comprising the software code means for performing the steps of any of the claims 1-8.
10. A computer program product stored on a computer usable medium, comprising readable program for causing a processing means within a smart card, to control an execution of the steps of any of the claims 1-8.
11. A smart card database registry (104) wherein any user application (106) may create an entry, which entry is accessible only for, by said any user application, selected user applications characterised in that the registry (104) comprises
means for creating an entry, which entry is associated with a root certificate, and which root certificate is signed and issued by a Certification Authority (CA) (110);
means for receiving a request for accessing the created entry in the registry (104) from any user application (106), said request comprising a certificate issued and signed by the CA, said certificate including a public key, said public key corresponding to a private key that said any user application (106) owns;
means for using the obtained public key for challenging said any user application (106);
means for receiving a response of said challenge, encrypted by a private key of said any user application (106);
means for giving said any user application (106) access if the challenge response is successful.
12. The smart card database registry (104) according to claim 11, wherein it comprises means for storing a value in a created entry.
13. The smart card database registry (104) according to any of the claims 11-12, wherein it further comprises means for reading a value in the created entry.
14. The smart card database registry (104) according to any of the claims 11-13, wherein it comprises a public key and further, a certificate adapted for being sent to a user application requesting it, said certificate comprises a public key corresponding to said private key.
15. The smart card database registry (104) according to claim 13, wherein said means for storing a value in a created entry, for storing the value such that it can be checked by any user application reading the value whether it is copied or manipulated, comprises:
means for storing a so-called signed value-certificate combination received from any user application (106), the signed value-certificate combination comprising
a value to be stored combined with a certificate
which certificate said any user application (106) has obtained from the registry (104)
and which value-certificate combination is signed by said any user application (106).
16. The smart card database registry (104) according to claim 15, wherein the means for reading a value in the created entry comprises means for delivering said stored value-certificate combination, comprising the public key, to a user application (108) requesting it.
17. The smart card database registry (104) according to claim 15, wherein it further comprises means for responding a challenge from the user application (108) to which it delivered said stored value-certificate combination,
said challenge being encrypted by said user application (108) by means of the public key within the certificate,
and which challenge is responded by means of the public key corresponding to said certificate.
18. A smart card comprising the smart card registry (104) according to any of the claims 11-17.
19. A mobile terminal comprising the smart card according to claim 18.
US10/471,844 2001-03-16 2002-02-27 Method and arrangement in a database Abandoned US20040172369A1 (en)

Applications Claiming Priority (3)

Application Number Priority Date Filing Date Title
SE0100916-6 2001-03-16
SE0100916A SE520489C2 (en) 2001-03-16 2001-03-16 Procedure and arrangement in a database
PCT/SE2002/000336 WO2002075677A1 (en) 2001-03-16 2002-02-27 Method and arrangement in a database

Publications (1)

Publication Number Publication Date
US20040172369A1 true US20040172369A1 (en) 2004-09-02

Family

ID=20283388

Family Applications (1)

Application Number Title Priority Date Filing Date
US10/471,844 Abandoned US20040172369A1 (en) 2001-03-16 2002-02-27 Method and arrangement in a database

Country Status (4)

Country Link
US (1) US20040172369A1 (en)
EP (1) EP1371034A1 (en)
SE (1) SE520489C2 (en)
WO (1) WO2002075677A1 (en)

Cited By (14)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20060105807A1 (en) * 2004-10-25 2006-05-18 Samsung Electronics Co., Ltd. Method for reliably managing database in GSM/GPRS hybrid terminal and hybrid terminal
WO2006066604A1 (en) * 2004-12-22 2006-06-29 Telecom Italia S.P.A. Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor
WO2006089541A2 (en) * 2005-02-28 2006-08-31 Vodafone Holding Gmbh Chip card for a communications device, communications device and method for managing user-specific data
EP1701312A1 (en) * 2005-03-11 2006-09-13 NTT DoCoMo Inc. Authentication device, mobile terminal, and authentication method
WO2007056054A1 (en) * 2005-11-02 2007-05-18 Promethean Storage Llc Content control systems and methods
US7571368B1 (en) 2006-01-26 2009-08-04 Promethean Storage Llc Digital content protection systems and methods
US7996899B1 (en) 2006-02-24 2011-08-09 Hitachi Global Storage Technologies Netherlands B.V. Communication systems and methods for digital content modification and protection
EP2003589A3 (en) * 2007-05-15 2012-05-30 FeliCa Networks, Inc. Authentication information management system, server, method and program
US8243922B1 (en) 2006-02-24 2012-08-14 Hitachi Global Storage Technologies Netherlands B.V. Digital content modification for content protection
CN103107881A (en) * 2011-11-11 2013-05-15 中兴通讯股份有限公司 Access method, device and system of smart card
US8904195B1 (en) * 2013-08-21 2014-12-02 Citibank, N.A. Methods and systems for secure communications between client applications and secure elements in mobile devices
US9177111B1 (en) 2006-11-14 2015-11-03 Hitachi Global Storage Technologies Netherlands B.V. Systems and methods for protecting software
US20160149878A1 (en) * 2014-11-21 2016-05-26 Mcafee, Inc. Protecting user identity and personal information by sharing a secret between personal iot devices
US10313355B2 (en) * 2003-12-18 2019-06-04 Intel Corporation Client side security management for an operations, administration and maintenance system for wireless clients

Families Citing this family (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7119659B2 (en) * 2001-07-10 2006-10-10 American Express Travel Related Services Company, Inc. Systems and methods for providing a RF transaction device for use in a private label transaction
JP2003317070A (en) * 2002-04-23 2003-11-07 Ntt Docomo Inc Ic card, mobile terminal, and access control method
DE60329162C5 (en) 2003-03-03 2016-08-11 Nokia Technologies Oy Security element control method and mobile terminal
AU2003244914A1 (en) 2003-07-04 2005-01-21 Nokia Corporation Key storage administration
US20060047954A1 (en) * 2004-08-30 2006-03-02 Axalto Inc. Data access security implementation using the public key mechanism
JP3845106B2 (en) 2005-03-14 2006-11-15 株式会社エヌ・ティ・ティ・ドコモ Mobile terminal and authentication method
US20070220498A1 (en) * 2006-03-15 2007-09-20 Madsen Jens O Method, mobile terminal and computer program product for interworking via a card application toolkit

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4831245A (en) * 1986-09-16 1989-05-16 Fujitsu Limited System for data field area acquisition in IC card for multiple services
US5856659A (en) * 1996-03-11 1999-01-05 Koninklijke Ptt Nederland N.V. Method of securely modifying data on a smart card
US6038551A (en) * 1996-03-11 2000-03-14 Microsoft Corporation System and method for configuring and managing resources on a multi-purpose integrated circuit card using a personal computer
US6296191B1 (en) * 1998-09-02 2001-10-02 International Business Machines Corp. Storing data objects in a smart card memory

Family Cites Families (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CA2288824A1 (en) * 1997-03-24 1998-10-01 Marc B. Kekicheff A system and method for a multi-application smart card which can facilitate a post-issuance download of an application onto the smart card
EP1125262A1 (en) * 1998-10-27 2001-08-22 Visa International Service Association Delegated management of smart card applications

Cited By (25)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US10313355B2 (en) * 2003-12-18 2019-06-04 Intel Corporation Client side security management for an operations, administration and maintenance system for wireless clients
US7450962B2 (en) * 2004-10-25 2008-11-11 Samsung Electronics Co., Ltd. Method for reliably managing database in GSM/GPRS hybrid terminal and hybrid terminal
US20060105807A1 (en) * 2004-10-25 2006-05-18 Samsung Electronics Co., Ltd. Method for reliably managing database in GSM/GPRS hybrid terminal and hybrid terminal
WO2006066604A1 (en) * 2004-12-22 2006-06-29 Telecom Italia S.P.A. Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor
US8789195B2 (en) 2004-12-22 2014-07-22 Telecom Italia S.P.A. Method and system for access control and data protection in digital memories, related digital memory and computer program product therefor
WO2006089541A2 (en) * 2005-02-28 2006-08-31 Vodafone Holding Gmbh Chip card for a communications device, communications device and method for managing user-specific data
WO2006089541A3 (en) * 2005-02-28 2006-12-07 Vodafone Holding Gmbh Chip card for a communications device, communications device and method for managing user-specific data
US20090199005A1 (en) * 2005-03-11 2009-08-06 Ntt Docomo, Inc. Authentication device, mobile terminal, and authentication method
US20060212397A1 (en) * 2005-03-11 2006-09-21 Ntt Docomo, Inc. Authentication device, mobile terminal, and authentication method
EP1701312A1 (en) * 2005-03-11 2006-09-13 NTT DoCoMo Inc. Authentication device, mobile terminal, and authentication method
WO2007056054A1 (en) * 2005-11-02 2007-05-18 Promethean Storage Llc Content control systems and methods
US7577809B2 (en) 2005-11-02 2009-08-18 Promethean Storage Llc Content control systems and methods
US7571368B1 (en) 2006-01-26 2009-08-04 Promethean Storage Llc Digital content protection systems and methods
US7966539B2 (en) 2006-01-26 2011-06-21 Hitachi Global Storage Technologies Netherlands B.V. Digital content protection systems and methods
US7996899B1 (en) 2006-02-24 2011-08-09 Hitachi Global Storage Technologies Netherlands B.V. Communication systems and methods for digital content modification and protection
US8243922B1 (en) 2006-02-24 2012-08-14 Hitachi Global Storage Technologies Netherlands B.V. Digital content modification for content protection
US9177111B1 (en) 2006-11-14 2015-11-03 Hitachi Global Storage Technologies Netherlands B.V. Systems and methods for protecting software
EP2003589A3 (en) * 2007-05-15 2012-05-30 FeliCa Networks, Inc. Authentication information management system, server, method and program
CN103107881A (en) * 2011-11-11 2013-05-15 中兴通讯股份有限公司 Access method, device and system of smart card
WO2013067792A1 (en) * 2011-11-11 2013-05-16 中兴通讯股份有限公司 Method, device and system for querying smart card
US8904195B1 (en) * 2013-08-21 2014-12-02 Citibank, N.A. Methods and systems for secure communications between client applications and secure elements in mobile devices
US20160149878A1 (en) * 2014-11-21 2016-05-26 Mcafee, Inc. Protecting user identity and personal information by sharing a secret between personal iot devices
US9769133B2 (en) * 2014-11-21 2017-09-19 Mcafee, Inc. Protecting user identity and personal information by sharing a secret between personal IoT devices
US10498715B2 (en) 2014-11-21 2019-12-03 Mcafee, Llc Protecting user identity by sharing a secret between personal IoT devices
US11496450B2 (en) 2014-11-21 2022-11-08 Mcafee, Llc Protecting user identity and personal information by sharing a secret between personal IoT devices

Also Published As

Publication number Publication date
EP1371034A1 (en) 2003-12-17
WO2002075677A1 (en) 2002-09-26
SE0100916D0 (en) 2001-03-16
SE520489C2 (en) 2003-07-15
SE0100916L (en) 2002-09-17

Similar Documents

Publication Publication Date Title
US20040172369A1 (en) Method and arrangement in a database
US7899187B2 (en) Domain-based digital-rights management system with easy and secure device enrollment
US8335925B2 (en) Method and arrangement for secure authentication
CA2341784C (en) Method to deploy a pki transaction in a web browser
EP1801721B1 (en) Computer implemented method for securely acquiring a binding key for a token device and a secured memory device and system for securely binding a token device and a secured memory device
US8336105B2 (en) Method and devices for the control of the usage of content
KR101238490B1 (en) Binding content licenses to portable storage devices
US7650630B2 (en) Device and method for restricting content access and storage
EP1442554B1 (en) A method, system and computer program product for integrity-protected storage in a personal communication device
US20050137889A1 (en) Remotely binding data to a user device
US8239684B2 (en) Software IC card system, management server, terminal, service providing server, service providing method, and program
US8726360B2 (en) Telecommunication method, computer program product and computer system
US8572372B2 (en) Method for selectively enabling access to file systems of mobile terminals
KR20050020165A (en) Method for Sharing Rights Object Between Users
KR20030074483A (en) Service providing system in which services are provided from service provider apparatus to service user apparatus via network
US20030076957A1 (en) Method, system and computer program product for integrity-protected storage in a personal communication device
JPH10336172A (en) Managing method of public key for electronic authentication
KR20040028086A (en) Contents copyright management system and the method in wireless terminal
US7752318B2 (en) Method of exchanging secured data through a network
EP2234423B1 (en) Secure identification over communication network
JP2004070727A (en) Receiver, program, recording medium, and method for limiting use of contents
KR100431215B1 (en) Method for taking network service certification in a home gateway and method for relaying this certification
JP2004110431A (en) Personal identification system, server device, personal identification method, program and recording medium
JP2006066960A (en) Storage device, storing method and program

Legal Events

Date Code Title Description
AS Assignment Owner name: SMARTTRUST SYSTEMS OY, FINLAND; Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:PERSSON, JONAS;REEL/FRAME:015305/0752; Effective date: 20040413
STCB Information on status: application discontinuation Free format text: ABANDONED -- FAILURE TO RESPOND TO AN OFFICE ACTION